Security and data protection practices
CookieHub is committed to maintaining a high level of security and data protection across its services.
Our security program is aligned with ISO/IEC 27001 principles and GDPR Article 32 requirements. We maintain documented policies and controls designed to protect the confidentiality, integrity, and availability of customer data.
ISO 27001
CookieHub maintains an information security management system (ISMS) aligned with the ISO/IEC 27001 standard. This includes:
- Risk assessment and risk treatment processes
- Access control policies
- Incident management procedures
- Change management controls
- Continuous improvement mechanisms
Our cloud infrastructure providers also operate ISO 27001-certified data centers.
Data Center and Infrastructure Security
Primary application and consent log data are stored within the European Economic Area (EEA), including data centers located in Germany, France, and the Netherlands.
Infrastructure safeguards include:
- Encryption in transit using TLS
- Encryption at rest where applicable
- Role-based access control
- Multi-factor authentication for administrative access
- Continuous monitoring and logging
- Redundant hosting architecture
Data centers used by our infrastructure providers include physical access controls, environmental safeguards, and operational monitoring.
Network and Application Security
CookieHub implements layered security controls across its platform, including:
- Vulnerability and patch management processes
- Network access restrictions
- Segregation of environments
- Secure development practices
- Monitoring for anomalous activity
Content delivery and network protection services are provided through globally distributed infrastructure to ensure performance and resilience.
Data Protection Safeguards
CookieHub is designed to minimize data collection.
In connection with consent management, we process limited pseudonymous and technical data necessary to record and demonstrate user consent. We do not intentionally collect directly identifiable personal information about end-users.
IP addresses stored in consent logs are anonymized.
Consent log entries are retained for up to one (1) year unless otherwise agreed.
International Transfers
Some service providers operate outside the EEA. Where personal data is transferred outside the EEA, appropriate safeguards under Chapter V GDPR, including Standard Contractual Clauses where applicable, are implemented.
Regulatory Alignment
CookieHub provides tools designed to support organizations in meeting privacy regulatory requirements, including GDPR and similar frameworks.
CookieHub does not provide legal advice and does not guarantee regulatory compliance. Customers remain responsible for configuring the Service in accordance with applicable laws.